Re: [openstack-dev] [infra][nova][all] Pillow breaking gate?

2015-10-01 Thread Carlos Garza
I fixed this on my local ubuntu 14.04 box by doing ³apt-get install libjpeg-dev² Can we just make that a low level package dependency on the images in gate so that We can move forward? On 10/1/15, 5:48 PM, "Kevin L. Mitchell" wrote: >It looks like Pillow (pulled in

Re: [openstack-dev] [Kuryr] tox -egenconfig not working

2015-10-01 Thread Carlos Garza
If its because of an Error like "ValueError: --enable-jpeg requested but jpeg not found, aborting² triggered by a dependency pull of Python pillow which then I got around it by doing an ³apt-get install libjpeg-dev² on my ubuntu build. I agree its seemed odd when it happened on tox but not on

Re: [openstack-dev] [Neutron][LBaaS] new common module for Barbican TLS containers interaction

2014-07-30 Thread Carlos Garza
on this API. Thanks, Evg -Original Message- From: Carlos Garza [mailto:carlos.ga...@rackspace.com] Sent: Thursday, July 24, 2014 7:08 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] new common module for Barbican

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - work division

2014-07-24 Thread Carlos Garza
module API integration. After the IRC meeting tomorrow, we can discuss the work items and decide who is interested/available to do them. Does it make sense? Thanks, Evg -Original Message- From: Carlos Garza [mailto:carlos.ga...@rackspace.com] Sent: Wednesday, July 23, 2014 6

Re: [openstack-dev] [Neutron][LBaaS] new common module for Barbican TLS containers interaction

2014-07-24 Thread Carlos Garza
I'Just park a madule with a stub call that I can populate with pyasn1. On Jul 24, 2014, at 10:38 AM, Evgeny Fedoruk evge...@radware.com wrote: Hi, Following our talk on TLS work items split, We need to decide how will we validate/extract certificates Barbican TLS containers. As we

Re: [openstack-dev] [Neutron][LBaaS] new common module for Barbican TLS containers interaction

2014-07-24 Thread Carlos Garza
Sorry I meant to say I'm pretty agreeable just park a stub module so I can populate it. On Jul 24, 2014, at 11:06 AM, Carlos Garza carlos.ga...@rackspace.com wrote: I'Just park a module with a stub call that I can populate with pyasn1. On Jul 24, 2014, at 10:38 AM, Evgeny Fedoruk evge

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - work division

2014-07-23 Thread Carlos Garza
modification, lbaas db v2 modifications, alembic migration for schema changes and new tests in unit testing for lbaas db v2. Thanks, Evg -Original Message- From: Carlos Garza [mailto:carlos.ga...@rackspace.com] Sent: Wednesday, July 23, 2014 3:54 AM To: OpenStack Development

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - work division

2014-07-23 Thread Carlos Garza
-Original Message- From: Carlos Garza [mailto:carlos.ga...@rackspace.com] Sent: Wednesday, July 23, 2014 6:15 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][LBaaS] TLS capability - work division Do you have any idea

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-22 Thread Carlos Garza
they are: the tuples you've described. Thanks, Stephen On Thu, Jul 17, 2014 at 2:29 PM, Carlos Garza carlos.ga...@rackspace.com wrote: I added the following comments to patch 14 but I'm not -1 it but I think its a mistake to assume the altSubjectName is a string type. See below

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - certificates data persistency

2014-07-22 Thread Carlos Garza
On Jul 20, 2014, at 6:32 AM, Evgeny Fedoruk evge...@radware.com wrote: Hi folks, In a current version of TLS capabilities RST certificate SubjectCommonName and SubjectAltName information is cached in a database. This may be not necessary and here is why: 1. TLS containers are

[openstack-dev] [Neutron][LBaaS] TLS capability - work division

2014-07-22 Thread Carlos Garza
Since it looks like the TLS blueprint was approved I''m sure were all eager to start coded so how should we divide up work on the source code. I have Pull requests in pyopenssl https://github.com/pyca/pyopenssl/pull/143;. and a few one liners in pica/cryptography to expose the needed

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-17 Thread Carlos Garza
: I'm in favor of Evgeny's proposal. It sounds like it should resolve most (if not all) of the operators', vendors' and users' concerns with regard to handling TLS certificates. Stephen On Wed, Jul 16, 2014 at 12:35 PM, Carlos Garza carlos.ga...@rackspace.com wrote: On Jul 16, 2014

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-16 Thread Carlos Garza
the perspective of the SNI standard, there's no difference in how these fields should be treated, and if we were to treat SANs differently then we're both breaking the standard and setting a bad precedent. Stephen On Tue, Jul 15, 2014 at 9:35 AM, Carlos Garza carlos.ga

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SubjectAlternativeNames (SAN)

2014-07-16 Thread Carlos Garza
these fields should be treated, and if we were to treat SANs differently then we're both breaking the standard and setting a bad precedent. Stephen On Tue, Jul 15, 2014 at 9:35 AM, Carlos Garza carlos.ga...@rackspace.com wrote: On Jul 15, 2014, at 10:55 AM, Samuel Bercovici samu...@radware.com

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SubjectAlternativeNames (SAN)

2014-07-16 Thread Carlos Garza
On Jul 16, 2014, at 3:49 PM, Carlos Garza carlos.ga...@rackspace.com wrote: On Jul 16, 2014, at 12:30 PM, Vijay Venkatachalam vijay.venkatacha...@citrix.com wrote: We will have the code that will parse the X509 in the API scope of the code. The validation I'm refering to is making

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - Certificate conflict resolution

2014-07-16 Thread Carlos Garza
at the same place. From the perspective of the SNI standard, there's no difference in how these fields should be treated, and if we were to treat SANs differently then we're both breaking the standard and setting a bad precedent. Stephen On Tue, Jul 15, 2014 at 9:35 AM, Carlos Garza

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-15 Thread Carlos Garza
On Jul 15, 2014, at 9:24 AM, Evgeny Fedoruk evge...@radware.com wrote: The question is about SCN and SAN extraction from X509. 1. Extraction of SCN/ SAN should be done while provisioning and not during TLS handshake Yes that makes the most sense. If some strange backend really wants

Re: [openstack-dev] [Neutron][LBaaS] TLS capability - SNI - Extracting SubjectCommonName and/or SubjectAlternativeNames from X509

2014-07-15 Thread Carlos Garza
On Jul 15, 2014, at 10:55 AM, Samuel Bercovici samu...@radware.com wrote: Hi, Obtaining the domain name from the x509 is probably more of a driver/backend/device capability, it would make sense to have a library that could be used by anyone wishing to do so in their driver code.

Re: [openstack-dev] [Neutron][LBaaS] subjAltName and CN extraction from x509 certificates

2014-06-27 Thread Carlos Garza
jden...@redhat.com wrote: On 06/27/2014 12:21 AM, Carlos Garza wrote: I don't know where we can check in experimental code so I have a demonstration of how to extract CNs subjAltNames or what ever we want from x509 certificates. Later on I plan to use the OpenSSL libraries

Re: [openstack-dev] [Neutron][LBaaS] subjAltName and CN extraction from x509 certificates

2014-06-27 Thread Carlos Garza
On Jun 27, 2014, at 9:26 AM, John Dennis jden...@redhat.com wrote: On 06/27/2014 12:21 AM, Carlos Garza wrote: I don't know where we can check in experimental code so I have a demonstration of how to extract CNs subjAltNames or what ever we want from x509 certificates. Later on I

Re: [openstack-dev] [Neutron][LBaaS] subjAltName and CN extraction from x509 certificates

2014-06-27 Thread Carlos Garza
On Jun 28, 2014, at 12:01 AM, Carlos Garza carlos.ga...@rackspace.com wrote: example python script using your example pem file. If using NSS isn't an option I'd rather see us provide the necessary binding in pyopenssl than handcraft one-off routines. Are you saying you prefer us

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Carlos Garza
Sorry for responding so late but I don't think we should be doing ref counting at all. In a closed system its hard enough to guarantee they are correct but in an open distributed system I really doubt every service will bother decrementing and incrementing the counters properly. On Jun 16,

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Carlos Garza
On Jun 16, 2014, at 3:22 PM, Doug Wiegley do...@a10networks.com wrote: nobody is calling Barbican a database. It is a place to store Š did you at least feel a heavy sense of irony as you typed those two statements? ³It¹s not a database, it just stores things!² :-) The real irony here

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-16 Thread Carlos Garza
On Jun 16, 2014, at 4:06 PM, Clint Byrum cl...@fewbar.com wrote: Excerpts from Doug Wiegley's message of 2014-06-16 13:22:26 -0700: nobody is calling Barbican a database. It is a place to store Š did you at least feel a heavy sense of irony as you typed those two statements? ³It¹s not a

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-11 Thread Carlos Garza
On Jun 11, 2014, at 9:31 AM, Evgeny Fedoruk evge...@radware.com wrote: Regarding the case when back-end system tries to retrieve secret from deleted Barbican TLS container, Is this a real use case? I mean, is there a back-end system which will get container ID from somewhere, try to

Re: [openstack-dev] [Neutron][LBaaS] TLS support RST document on Gerrit

2014-06-10 Thread Carlos Garza
Ok but we still need input from Stephen Balukoff and Jorge to see how this will integrate with the API being proposed. I'm not sure if they were intending to use the attributes your discussing as well as which object was going to contain them. On Jun 10, 2014, at 6:13 AM, Evgeny Fedoruk

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Carlos Garza
I understand this concern and was advocating that a configuration option be available to disable or enable auto updating of SSL certificates. But since every one is in favor of storing meta data on the barbican container directly I guess this is a moot point now. On Jun 6, 2014, at 5:52

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Carlos Garza
The barbican team was considering making the container mutable but I don't think it matters now since every one has chimed in and wants the container to be immutable. The current discussion now is that the TLS container will be immutable but the meta data will not be. I'm not sure what is

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Carlos Garza
The use case was that a cert inside the container could be updated while the private key stays the same. IE a new cert would be a resigning of the same old key. By immutable we mean to say that the same UUID would be used on the lbaas side. This is a heavy handed way of expecting the user to

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-28 Thread Carlos Garza
On May 27, 2014, at 9:13 PM, Stephen Balukoff sbaluk...@bluebox.net wrote: Hi y'all! I would advocate that if the user asks the front-end API for the private key information (ie. GET request), what they get back is the key's modulus and nothing else. This should work to verify whether a

Re: [openstack-dev] [Neutron][LBaaS]TLS API support for authentication

2014-05-23 Thread Carlos Garza
Right so are you advocating that the front end API never return a private key back to the user once regardless if the key was generated on the back end or sent in to the API from the user? We kind of are already are implying that they can refer to the key via a private key id. On May 23,

Re: [openstack-dev] [Neutron][LBaaS]LBaaS 2nd Session etherpad

2014-05-21 Thread Carlos Garza
...@radware.commailto:samu...@radware.com wrote: Hi Carlos, What is your IRC nick? In what time zone you are located? Regards, -Sam. From: Carlos Garza [mailto:carlos.ga...@rackspace.comhttp://rackspace.com] Sent: Wednesday, May 21, 2014 2:52 AM To: OpenStack Development Mailing List

Re: [openstack-dev] [Neutron][LBaaS]LBaaS 2nd Session etherpad

2014-05-20 Thread Carlos Garza
I'm reading through the https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL docs as well as the https://etherpad.openstack.org/p/neutron-lbaas-ssl-l7 document that your referencing below and I think who ever wrote the documents may have misunder stood the Association between X509 certificates

Re: [openstack-dev] [Neutron][LBaaS] Multiple VIPs per loadbalancer

2014-05-10 Thread Carlos Garza
On May 10, 2014, at 1:52 AM, Eugene Nikanorov enikano...@mirantis.com wrote: Hi Carlos, I think you had a chance to hear this argument yourself (from several different core members: Mark McClain, Salvatore Orlando, Kyle Mestery) on those meetings we had in past 2 months. I was advocating

Re: [openstack-dev] [Neutron][LBaaS] API proposal review thoughts

2014-05-09 Thread Carlos Garza
in CLB1.0. Carlos. Eugene. On Fri, May 9, 2014 at 8:33 AM, Carlos Garza carlos.ga...@rackspace.commailto:carlos.ga...@rackspace.com wrote: On May 8, 2014, at 2:45 PM, Eugene Nikanorov enikano...@mirantis.commailto:enikano...@mirantis.com wrote: Hi Carlos, Are you saying that we should

Re: [openstack-dev] [Neutron][LBaaS] Multiple VIPs per loadbalancer

2014-05-09 Thread Carlos Garza
On May 9, 2014, at 3:36 PM, Eugene Nikanorov enikano...@mirantis.commailto:enikano...@mirantis.com wrote: Also we've heard objection to this approach several times from other core team members (this discussion has been going for more than half a year now), so I would suggest to move forward

Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN

2014-05-08 Thread Carlos Garza
to (https://blueprints.launchpad.net/barbican/+spec/crud-endpoints-secret-container) -Rob From: Carlos Garza [mailto:carlos.ga...@rackspace.com] Sent: 08 May 2014 04:30 To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL

Re: [openstack-dev] [Neutron][LBaaS] API proposal review thoughts

2014-05-08 Thread Carlos Garza
On May 8, 2014, at 8:01 AM, Eugene Nikanorov enikano...@mirantis.commailto:enikano...@mirantis.com wrote: Hi Adam, My comments inline: 1. We shouldn't be looking at the current model and deciding which object is the root object, or what object to rename as a loadbalancer... That's totally

Re: [openstack-dev] [Neutron][LBaaS] API proposal review thoughts

2014-05-08 Thread Carlos Garza
On May 8, 2014, at 2:45 PM, Eugene Nikanorov enikano...@mirantis.commailto:enikano...@mirantis.com wrote: Hi Carlos, Are you saying that we should only have a loadbalancer resource only in the case where we want it to span multiple L2 networks as if it were a router? I don't see how you

Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN

2014-05-07 Thread Carlos Garza
I thought the requirement was from the need to ensure the backend was secure. IE people would throw a fit if they find out your storing keys in sqllite or MySQL. Wasn't the purpose to find A Secure repository? On May 7, 2014, at 10:38 AM, Zang MingJie zealot0...@gmail.com wrote: +1 to

Re: [openstack-dev] [Neutron] [LBaaS][VPN][Barbican] SSL cert implementation for LBaaS and VPN

2014-05-07 Thread Carlos Garza
On May 7, 2014, at 10:53 AM, Samuel Bercovici samu...@radware.commailto:samu...@radware.com wrote: Hi John, If the user already has an SSL certificate that was acquired outside of the barbican Ordering system, how can he store it securely in Barbican as a SSL Certificate? The Container

Re: [openstack-dev] [Neutron][LBaaS]User Stories and sruvey

2014-05-01 Thread Carlos Garza
Balukoff I'm liking your API spec so far but can you elaborate on what this loadbalancer object you refer to is. on page You declare its immutable and refer to it like an actual primitive object yet I don't see a schema for it. I see loadbalancer_id in the vip request that reference. The

Re: [openstack-dev] [Neutron][LBaaS] Use Case Question

2014-05-01 Thread Carlos Garza
our stingray nodes don't allow you to specify. Its just an enable or disable option. On May 1, 2014, at 7:35 PM, Stephen Balukoff sbaluk...@bluebox.netmailto:sbaluk...@bluebox.net wrote: Question for those of you using the SSL session ID for persistency: About how long do you typically set

Re: [openstack-dev] [Neutron][LBaaS] Use-Cases with VPNs Distinction

2014-05-01 Thread Carlos Garza
On May 1, 2014, at 7:48 PM, Stephen Balukoff sbaluk...@bluebox.netmailto:sbaluk...@bluebox.net wrote: Hi Trevor, I was the one who wrote that use case based on discussion that came out of the question I wrote the list last week about SSL re-encryption: Someone had stated that sometimes

Re: [openstack-dev] [Neutron][LBaaS] Use Case Question

2014-04-29 Thread Carlos Garza
I mis quoted it should be in RFC 5246 not 5264. On Apr 25, 2014, at 2:50 AM, Carlos Garza carlos.ga...@rackspace.commailto:carlos.ga...@rackspace.com wrote: Trevor is referring to our plans on using the SSL session ID of the ClientHello to provide session persistence. See RFC 5264

Re: [openstack-dev] [Neutron][LBaaS] BBG edit of new API proposal

2014-04-29 Thread Carlos Garza
On Apr 27, 2014, at 8:35 AM, Eugene Nikanorov enikano...@mirantis.commailto:enikano...@mirantis.com wrote: On Fri, Apr 25, 2014 at 4:03 AM, Eugene Nikanorov enikano...@mirantis.commailto:enikano...@mirantis.com wrote: Speaking of SSL - we have a few few project-wise issues such as lack of

Re: [openstack-dev] [Neutron][LBaaS] BBG edit of new API proposal

2014-04-29 Thread Carlos Garza
This blueprint was marked abandoned. On Apr 29, 2014, at 3:55 PM, Vijay B os.v...@gmail.commailto:os.v...@gmail.com wrote: Hi Sam, Evgeny, I've reviewed https://review.openstack.org/#/c/74031 with my comments. I am not sure if there is a request with code newer than this link - please do

Re: [openstack-dev] [Neutron][LBaaS] Use Case Question

2014-04-25 Thread Carlos Garza
Trevor is referring to our plans on using the SSL session ID of the ClientHello to provide session persistence. See RFC 5264 section 7.4.1.2 which sends an SSL session ID in the clear (Unencrypted) so that a load balancer with out the decrypting key can use it to make decisions on which

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-21 Thread Carlos Garza
-signed certs in a single pool? Thanks, Stephen On Fri, Apr 18, 2014 at 5:56 PM, Carlos Garza carlos.ga...@rackspace.commailto:carlos.ga...@rackspace.com wrote: On Apr 18, 2014, at 12:36 PM, Stephen Balukoff sbaluk...@bluebox.netmailto:sbaluk...@bluebox.net wrote: Dang. I was hoping

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-20 Thread Carlos Garza
must be associated with members. I'm not invested in an argument this far in. What are people seeing in the wild? Are your users using inconsistently-signed or per-node self-signed certs in a single pool? Thanks, Stephen On Fri, Apr 18, 2014 at 5:56 PM, Carlos Garza carlos.ga

Re: [openstack-dev] [Neutron][LBaas] Single call API discussion

2014-04-18 Thread Carlos Garza
On Apr 17, 2014, at 8:39 PM, Stephen Balukoff sbaluk...@bluebox.netmailto:sbaluk...@bluebox.net wrote: Hello German and Brandon! Responses in-line: On Thu, Apr 17, 2014 at 3:46 PM, Brandon Logan brandon.lo...@rackspace.commailto:brandon.lo...@rackspace.com wrote: Stephen, I have responded

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-18 Thread Carlos Garza
On Apr 18, 2014, at 10:21 AM, Stephen Balukoff sbaluk...@bluebox.net wrote: Howdy, folks! Could someone explain to me the SSL usage scenario where it makes sense to re-encrypt traffic traffic destined for members of a back-end pool? SSL termination on the load balancer makes sense to

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-18 Thread Carlos Garza
On Apr 18, 2014, at 12:59 PM, Vijay Venkatachalam vijay.venkatacha...@citrix.commailto:vijay.venkatacha...@citrix.com wrote: There is no reasoning mentioned in AWS, but they do allow re-encryption. Is their also no reason to mention: BigIp's F5 LoadBalancers

Re: [openstack-dev] [Neutron][LBaaS] SSL re-encryption scenario question

2014-04-18 Thread Carlos Garza
On Apr 18, 2014, at 12:36 PM, Stephen Balukoff sbaluk...@bluebox.netmailto:sbaluk...@bluebox.net wrote: Dang. I was hoping this wasn't the case. (I personally think it's a little silly not to trust your service provider to secure a network when they have root access to all the machines

Re: [openstack-dev] [Neutron][LBaas] Single call API discussion

2014-04-17 Thread Carlos Garza
On Apr 17, 2014, at 2:11 PM, Stephen Balukoff sbaluk...@bluebox.netmailto:sbaluk...@bluebox.net wrote: Oh! One other question: 5. Should single-call stuff work for the lifecycle of a load balancing service? That is to say, should delete functionality also clean up all primitives associated

Re: [openstack-dev] [Neutron][LBaaS] HA functionality discussion

2014-04-17 Thread Carlos Garza
On Apr 17, 2014, at 5:49 PM, Stephen Balukoff sbaluk...@bluebox.netmailto:sbaluk...@bluebox.net wrote: Heyas, y'all! So, given both the prioritization and usage info on HA functionality for Neutron LBaaS here:

Re: [openstack-dev] [Neutron][LBaaS] Requirements and API revision progress

2014-04-16 Thread Carlos Garza
On Apr 14, 2014, at 8:20 PM, Stephen Balukoff sbaluk...@bluebox.netmailto:sbaluk...@bluebox.net wrote: Hello y'all! Over the last few months, I feel like we've seen a renewed vigor for participation in making the LBaaS project successful. After the (still unresolved) object model discussion

Re: [openstack-dev] [Neutron][LBaaS] Requirements and API revision progress

2014-04-16 Thread Carlos Garza
On Apr 16, 2014, at 4:31 PM, Eugene Nikanorov enikano...@mirantis.commailto:enikano...@mirantis.com wrote: Hi folks, I've briefly looked over the doc. I think whole idea to base the API on Atlas misses the content switching use case, which is very important: We need multiple pools within

Re: [openstack-dev] [Neutron][LBaaS] Requirements and API revision progress

2014-04-16 Thread Carlos Garza
we saw on ssl is an entry in the vip table of a proposed object model but nothing else. We would like to hear your ideas. Thanks, Stephen On Wed, Apr 16, 2014 at 4:17 PM, Carlos Garza carlos.ga...@rackspace.commailto:carlos.ga...@rackspace.com wrote: On Apr 16, 2014, at 4:31 PM, Eugene